10389 Posts in 2200 Topics by 1712 members
| Go to End | Next > | |
| Author | Topic: | 4475 Views |
-
SecureFiles 0.21 Released - Testers + Translations please!
4 March 2010 at 10:47am Last edited: 4 March 2010 10:51am
Hi all,
There is a new SecureFiles (v0.21) available here:
http://silverstripe.org/secure-files/
There have been a number of improvements:
You can now apply decorators in your _config to decide how you want Secure Files to manage permissions. From the base install, only ADMINS and users with the SECURE_FILES permission will be able to access secure files. You can then apply the Group Permission Decorator or Member Permission Decorator (or both) to add the functionality you want.
It's also easy to extend - simply create a new decorator that implements canViewSecured() and you can add new permission systems.
Should be compatible with 2.3.x and 2.4b
Translations would be welcome.
Future enhancements:
- -Time restricted permissions
- -Auth Token permission - provide an auth token to access a particular file. Useful for 'paid content' systems
- -Access logging
- -GUI improvements within the CMS
Note: this is not the same module that is available via svn.silverstripe.com or open.silverstripe.com.
See latest updates at: http://polemic.net.nz/svn/silverstripe/modules/SecureFiles/trunk/
tickets etc at: http://polemic.net.nz/trac/Regards
Hamish - -Time restricted permissions
-
Re: SecureFiles 0.21 Released - Testers + Translations please!
6 March 2010 at 3:49pm
What are the main differences between this and the one available via svn.silverstripe.com?
-
Re: SecureFiles 0.21 Released - Testers + Translations please!
6 March 2010 at 5:15pm
The silverstripe.com one is a fork of an earlier version - I don't know who is responsible for ongoing maintenance.
The version available at http://silverstripe.org/secure-files/ has a number of modes of operation and is 'developer friendly' in that you can add new permission rules easily. I'm also making sure it is v2.3 and v2.4 compatible.
-
Re: SecureFiles 0.21 Released - Testers + Translations please!
9 March 2010 at 10:20am
Okay, Hamish, I'm officially confused. I'd really like to use this module to prevent the public from browsing a folder that is full of resumes uploaded from a contact form. I have gone to the Security tab, with your two decorators enabled in the _config.php, and I set the permissions to a single member, but I can still browse to /assets/Uploads/myfile.pdf and download. Is there a step that I'm missing?
-
Re: SecureFiles 0.21 Released - Testers + Translations please!
9 March 2010 at 1:05pm
Have you ticked "folder is secure" and saved the folder? This will write an htaccess file that sets up the required rules.
Also, you'll still have access if you're an Admin user.
-
Re: SecureFiles 0.21 Released - Testers + Translations please!
9 March 2010 at 10:32pm
Hi Hamish!
I haven’t found the time to test the module, so the following translations lack context, but they should be good enough for the moment. I’ll update they later if needed. BTW, there’s a typo in the comment MEMBER PERMISSION.
@UC: I’ll send you French and Spanish translations for some of your modules… waiting for an appropriated rainy Sunday!
Best regards,
Juan -
Re: SecureFiles 0.21 Released - Testers + Translations please!
10 March 2010 at 7:48am
Hi, Hamish,
Yes, the folder is marked as secure. Here's the .htaccess in my secure "Uploads" folder:
RemoveHandler .php .phtml .php3 ,php4 .php5 .inc
RemoveType .php .phtml .php3 .php4 .php5 .inc
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteRule (.*) sapphire/main.php?url=%1&%{QUERY_STRING} [L]Is that right?
-
Re: SecureFiles 0.21 Released - Testers + Translations please!
10 March 2010 at 8:07am
Never mind... I get it now.. I must have been logged in as an admin. Very nice module, Hamish! We'll be rolling this out everywhere.
| 4475 Views | ||
| Go to Top | Next > |
